Enhancing Privacy Protections for Android Applications

Published 11 May 2020

From navigation to remote banking, mobile device users rely on a variety of applications to streamline daily tasks, communicate, and dramatically increase productivity. While exceedingly useful, the ecosystem of third-party applications utilizes a number of sensors – microphones, GPS, pedometers, cameras – and user interactions to collect data used to enable functionality. Troves of sensitive personal data about users are accessible to these applications and as defense and commercial mobile device users become increasingly reliant on the technology, there are growing concerns around the challenge this creates for preserving user privacy.


Under DARPA’s Brandeis program, a team of researchers led by Two Six Labs and Raytheon BBN Technologies has developed a platform called Privacy Enhancements for Android (PE for Android) to explore more expressive ways of regulating access to private information on mobile devices. PE for Android seeks to create an extensible privacy system that abstracts away the details of various privacy-preserving technologies, allowing application developers to use state-of-the-art privacy techniques, such as secure multi-party computation and differential privacy, without needing expertise in the underlying technologies. Importantly, PE for Android allows mobile device users to take ownership of their private information by presenting them with more intuitive controls and permission enforcement options.

The researchers behind PE for Android today released a white paper detailing the platform’s capabilities and functionality, and published an open source release of its code to GitHub. In open sourcing PE for Android, the researchers aim to make it easier for the open-source Android community and researchers to employ enhanced privacy-preserving technologies within Android apps while also encouraging them to help address the platform’s current limitations and build upon its initial efforts.

“User privacy should be a first-rate concern for mobile app development, and we are hoping that open-sourcing PE for Android will galvanize the Android developer community,” said Dr. Josh Baron, the DARPA program manager leading Brandeis. “While the benefits of this to personal and commercial users may be apparent, military personnel are also heavy users of mobile devices and often bring personal devices to or near work. Changes made to the Android ecosystem will therefore have important implications for privacy and security across the Department of Defense. I encourage the community to take a look at the code, improve it if they find gaps, and figure out which parts are deserving of adoption into the broader Android ecosystem.”

PE for Android comprises a set of extensions and interfaces integrated into the Android OS. The primary components, which include APIs, services, and a Privacy Abstraction Layer (PAL), are invoked when applications request private data. Apps employing PE for Android can opt to send these requests to the platform’s Private Data Service and its associated modules, called μPALs, which implement data transformation and isolation techniques that convert private data into less sensitive forms. This moves sensitive data processing out of the application process space, where the risk of intentional or unintentional data leakage is higher, and into secure services that implement privacy-preserving technologies. Once the sensitive information is transformed, it may then be returned to the application. Under this model, only the trusted architecture of the Private Data Service – not the requesting app – has direct access to the full scope of sensitive data available through the stock Android API.

Another key component of PE for Android is the Policy Manager API. It provides fine-grained control of permissions, enabling users to specify their privacy policy more easily and gain greater control over how their private information is used. Through Policy Managers, users are given additional context around why the information is needed and how it will be used within a given application. From there, they can make a more informed decision about what information the application will be given access to.
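The two preceding paragraphs describe a data flow: an app asks for private data, a Policy Manager decides what the user has allowed for that app and purpose, and the Private Data Service hands the raw sensor value to a μPAL that returns a less sensitive form, so the app process never holds the raw value. The following Python model is an added example written for this article; it is not code from the PE for Android project, and the class names (`PolicyManager`, `PrivateDataService`), the `(app, data type, purpose)` rule format, the two location transformations and the sample coordinates are all constructed assumptions.

```python
# Constructed model of the PE for Android data flow: app -> policy decision ->
# Private Data Service -> uPAL transformation -> app. Not project code.
from dataclasses import dataclass
import math
import random


@dataclass(frozen=True)
class Location:
    lat: float
    lon: float


class PolicyDenied(Exception):
    """Raised when the user's policy does not permit the request."""


# --- uPAL-style transformations: raw private data in, less sensitive data out ---

def coarsen_location(loc: Location, grid_deg: float = 0.01) -> Location:
    """Snap a coordinate to a grid cell (0.01 degrees is roughly 1 km)."""
    def snap(v: float) -> float:
        return round(math.floor(v / grid_deg) * grid_deg, 6)
    return Location(snap(loc.lat), snap(loc.lon))


def laplace_location(loc: Location, epsilon: float, rng: random.Random) -> Location:
    """Perturb each coordinate with Laplace noise of scale 1/epsilon degrees.

    A simplified differential-privacy style transformation chosen for
    illustration; the difference of two iid exponentials is Laplace-distributed."""
    rate = epsilon  # Laplace(0, 1/epsilon) == Exp(epsilon) - Exp(epsilon)
    def lap() -> float:
        return rng.expovariate(rate) - rng.expovariate(rate)
    return Location(loc.lat + lap(), loc.lon + lap())


class PolicyManager:
    """User-controlled decision per (app, data type, purpose).

    A decision is "deny", "raw", or the name of a uPAL transformation to apply."""

    def __init__(self, rules: dict):
        self.rules = dict(rules)

    def decide(self, app: str, data_type: str, purpose: str) -> str:
        # Default-deny: anything the user has not explicitly allowed is refused.
        return self.rules.get((app, data_type, purpose), "deny")


class PrivateDataService:
    """Holds the only handle to raw sensor data; apps receive transformed copies."""

    def __init__(self, policy: PolicyManager, sensors: dict, upals: dict):
        self._policy = policy
        self._sensors = sensors   # data_type -> callable returning raw data
        self._upals = upals       # uPAL name -> transformation function
        self.audit = []           # (app, data_type, purpose, decision) per request

    def request(self, app: str, data_type: str, purpose: str):
        decision = self._policy.decide(app, data_type, purpose)
        self.audit.append((app, data_type, purpose, decision))
        if decision == "deny":
            raise PolicyDenied(f"{app} may not read {data_type} for {purpose}")
        raw = self._sensors[data_type]()   # raw value is read inside the service only
        if decision == "raw":
            return raw
        return self._upals[decision](raw)


def build_demo_service() -> PrivateDataService:
    """Constructed sample: one GPS 'sensor', two uPALs, a three-rule user policy."""
    rng = random.Random(7)  # fixed seed so the demo is reproducible
    sensors = {"location": lambda: Location(40.71279, -74.00603)}  # constructed fix
    upals = {
        "coarse_location": coarsen_location,
        "noisy_location": lambda loc: laplace_location(loc, epsilon=10.0, rng=rng),
    }
    policy = PolicyManager({
        ("maps", "location", "navigation"): "raw",
        ("weather", "location", "local_forecast"): "coarse_location",
        ("fitness", "location", "activity_stats"): "noisy_location",
        # no rule for ("adsdk", ...): falls through to default deny
    })
    return PrivateDataService(policy, sensors, upals)


if __name__ == "__main__":
    svc = build_demo_service()
    print("maps    ->", svc.request("maps", "location", "navigation"))
    print("weather ->", svc.request("weather", "location", "local_forecast"))
    print("fitness ->", svc.request("fitness", "location", "activity_stats"))
    try:
        svc.request("adsdk", "location", "tracking")
    except PolicyDenied as e:
        print("adsdk   -> denied:", e)
```

The design point worth noticing is that the raw `Location` is produced inside `PrivateDataService.request` and only ever passed to a μPAL or returned when the policy explicitly says `"raw"`; the weather and fitness apps receive a coarsened or noised copy and have no code path to the original, and the audit list records every decision, including denials, which is what a user-facing Privacy Checkup could summarise.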

The PE for Android source code release includes several use cases and applications for these key components, many of which were developed by other research teams working under the Brandeis program. This includes a Privacy Checkup tool; the Purposes Policy Manager developed by Carnegie Mellon University, which lets people view and set policies for individual apps as well as all apps on a smartphone; and various μPAL modules capable of performing privacy transformations on different types of sensitive data. The University of Vermont and the Brandeis Helio team are among those responsible for developing the μPAL modules discussed in the white paper.

Additional information about PE for Android is available at https://android-privacy.org.